rcutorture: Avoid fake-writer use of undefined primitives
authorPaul E. McKenney <paulmck@linux.vnet.ibm.com>
Fri, 8 Dec 2017 18:48:41 +0000 (10:48 -0800)
committerPaul E. McKenney <paulmck@linux.vnet.ibm.com>
Wed, 21 Feb 2018 00:21:56 +0000 (16:21 -0800)
Currently the rcu_torture_fakewriter() function invokes cur_ops->sync()
and cur_ops->exp_sync() without first checking to see if they are in
fact non-NULL.  This results in kernel NULL pointer dereferences when
testing RCU implementations that choose not to provide the full set of
primitives.  Given that it is perfectly reasonable to have specialized
RCU implementations that provide only a subset of the RCU API, this is
a bug in rcutorture.

This commit therefore makes rcu_torture_fakewriter() check function
pointers before invoking them, thus allowing it to test subsetted
RCU implementations.

Reported-by: Lihao Liang <lianglihao@huawei.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
kernel/rcu/rcutorture.c

index 0f94025..6c46cd1 100644 (file)
@@ -1045,13 +1045,13 @@ rcu_torture_fakewriter(void *arg)
                    torture_random(&rand) % (nfakewriters * 8) == 0) {
                        cur_ops->cb_barrier();
                } else if (gp_normal == gp_exp) {
-                       if (torture_random(&rand) & 0x80)
+                       if (cur_ops->sync && torture_random(&rand) & 0x80)
                                cur_ops->sync();
-                       else
+                       else if (cur_ops->exp_sync)
                                cur_ops->exp_sync();
-               } else if (gp_normal) {
+               } else if (gp_normal && cur_ops->sync) {
                        cur_ops->sync();
-               } else {
+               } else if (cur_ops->exp_sync) {
                        cur_ops->exp_sync();
                }
                stutter_wait("rcu_torture_fakewriter");